We use cookies to give you the best possible experience on our website. To find out more, view our cookie policy. By closing this message and continued use of our website means that you give your consent to our use of cookies.

Staff complacency among biggest risks to organisations

10th April 2017

by Shannon Greenhalgh

Staff complacency is among the biggest threats to an organisation's cyber-security, a new study has found.

A major corporate breach can spell disaster for companies which risk losing personal and customer data or hard-won intellectual property, as well as facing disruption and distrust for the business. As such, it is no surprise to see that cyber-security is beginning take predominance in boardrooms across the country, however, the dangers may sometimes be closer to home.

The Digital Development Index study, which was conducted by Barclays, ranked the UK ninth in a survey of 10 countries, behind Brazil, China and South Africa, when it came to cyber-security. One of the most notable extracts of data obtained was that the main struggle was not just warding off criminals, but uneducated or complacent staff.

According to the Financial Times, many staff members are not familiar or confident when it comes to cyber-defence, or worse still, simply do not care. British workers in particular were found to inadequately protect their devices and data.

Barclays stated that the lack of digital skills in the UK left businesses and individuals significantly vulnerable. Some 13% used password-generating software, whereas 32% did so in China and India.

Additionally, only 41% changed important passwords regularly and the majority of respondents were found to have stored payment information on websites they frequently use.

"Productivity and convenience are put above security," Chris Dye, a vice-president at UK-based cyber-security company Glasswall Solutions stated. "The feeling is that people need to be connected all the time, so companies open up access to [personal] devices."

In research by Glasswall, 87% of FTSE 100 firms surveyed identified cyber security as "a principal risk"-- yet many fail to explain to staff the vital role they play in keeping the company safe, Dye said.

"What people will open and how they think of documents from both known and unknown sources is absolutely alarming," Dye added. He explained that many deem an email is safe if it has been through the corporate firewall when quite often it is not.

For Rob Horton, senior product manager of NetReveal, an anti-fraud platform belonging to BAE Systems Applied Intelligence, security must be built-in in order to be effective. He said: "Security by design involves everybody making sure they are working securely, whatever role in the company they have. Whether an employee is working with a customer, delivering a service or writing code in an application, there needs to be accountability."